You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2024/02/23 19:17:35 UTC
(commons-net) branch master updated (ed77bbc7 -> f6717be6)
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/commons-net.git
from ed77bbc7 Remove old comment
new 9e3509f5 Refactor constant
new 695f142a Camel case variable name
new f6717be6 Guard against polynomial regular expression used on uncontrolled data in VMSVersioningFTPEntryParser
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/changes/changes.xml | 1 +
.../ftp/parser/VMSVersioningFTPEntryParser.java | 29 +++++++++++-----------
2 files changed, 15 insertions(+), 15 deletions(-)
(commons-net) 02/03: Camel case variable name
Posted by gg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-net.git
commit 695f142affec3146fd1427480e97e68335180bef
Author: Gary Gregory <ga...@gmail.com>
AuthorDate: Fri Feb 23 14:00:40 2024 -0500
Camel case variable name
---
.../commons/net/ftp/parser/VMSVersioningFTPEntryParser.java | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java b/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
index d83abcd7..5f763516 100644
--- a/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
+++ b/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
@@ -88,9 +88,9 @@ public class VMSVersioningFTPEntryParser extends VMSFTPEntryParser {
while (iter.hasNext()) {
final String entry = iter.next().trim();
MatchResult result;
- final Matcher _preparse_matcher_ = PATTERN.matcher(entry);
- if (_preparse_matcher_.matches()) {
- result = _preparse_matcher_.toMatchResult();
+ final Matcher matcher = PATTERN.matcher(entry);
+ if (matcher.matches()) {
+ result = matcher.toMatchResult();
final String name = result.group(1);
final String version = result.group(2);
final Integer nv = Integer.valueOf(version);
@@ -110,9 +110,9 @@ public class VMSVersioningFTPEntryParser extends VMSFTPEntryParser {
while (iter.hasPrevious()) {
final String entry = iter.previous().trim();
MatchResult result = null;
- final Matcher _preparse_matcher_ = PATTERN.matcher(entry);
- if (_preparse_matcher_.matches()) {
- result = _preparse_matcher_.toMatchResult();
+ final Matcher matcher = PATTERN.matcher(entry);
+ if (matcher.matches()) {
+ result = matcher.toMatchResult();
final String name = result.group(1);
final String version = result.group(2);
final int nv = Integer.parseInt(version);
(commons-net) 03/03: Guard against polynomial regular expression used on uncontrolled data in VMSVersioningFTPEntryParser
Posted by gg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-net.git
commit f6717be6a4fade0de09f5ad9c509bb69b9867cb7
Author: Gary Gregory <ga...@gmail.com>
AuthorDate: Fri Feb 23 14:17:32 2024 -0500
Guard against polynomial regular expression used on uncontrolled data in
VMSVersioningFTPEntryParser
---
src/changes/changes.xml | 1 +
.../commons/net/ftp/parser/VMSVersioningFTPEntryParser.java | 8 +++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 96aa4c7d..6cfc97e8 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -67,6 +67,7 @@ The <action> type attribute can be add,update,fix,remove.
<release version="3.11.0" date="202Y-MM-DD" description="Maintenance and bug fix release (Java 8 or above).">
<!-- FIX -->
<action type="fix" dev="ggregory" due-to="Gary Gregory">Precompile regular expression in UnixFTPEntryParser.preParse(List<String>).</action>
+ <action type="fix" dev="ggregory" due-to="Gary Gregory">Guard against polynomial regular expression used on uncontrolled data in VMSVersioningFTPEntryParser.</action>
<!-- ADD -->
<action type="add" issue="NET-726" dev="ggregory" due-to="PJ Fanning, Gary Gregory">Add protected getters to FTPSClient #204.</action>
<action type="add" dev="ggregory" due-to="Gary Gregory">Add SubnetUtils.toString().</action>
diff --git a/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java b/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
index 5f763516..a74eac26 100644
--- a/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
+++ b/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
@@ -43,7 +43,13 @@ import org.apache.commons.net.ftp.FTPClientConfig;
*/
public class VMSVersioningFTPEntryParser extends VMSFTPEntryParser {
- private static final String REGEX = "(.*?);([0-9]+)\\s*.*";
+ /**
+ * Guard against polynomial regular expression used on uncontrolled data.
+ * Don't look for more than 20 digits for the version.
+ * Don't look for more than 80 spaces after the version.
+ * Don't look for more than 80 characters after the spaces.
+ */
+ private static final String REGEX = "(.*?);([0-9]{1,20})\\s{0,80}.{0,80}";
private static final Pattern PATTERN = Pattern.compile(REGEX);
/**
(commons-net) 01/03: Refactor constant
Posted by gg...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-net.git
commit 9e3509f56f78939cab79d38d4590342becef35db
Author: Gary Gregory <ga...@gmail.com>
AuthorDate: Fri Feb 23 13:59:49 2024 -0500
Refactor constant
---
.../net/ftp/parser/VMSVersioningFTPEntryParser.java | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java b/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
index 4acad902..d83abcd7 100644
--- a/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
+++ b/src/main/java/org/apache/commons/net/ftp/parser/VMSVersioningFTPEntryParser.java
@@ -23,7 +23,6 @@ import java.util.ListIterator;
import java.util.regex.MatchResult;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
import org.apache.commons.net.ftp.FTPClientConfig;
@@ -44,8 +43,8 @@ import org.apache.commons.net.ftp.FTPClientConfig;
*/
public class VMSVersioningFTPEntryParser extends VMSFTPEntryParser {
- private static final String PRE_PARSE_REGEX = "(.*?);([0-9]+)\\s*.*";
- private final Pattern preparsePattern;
+ private static final String REGEX = "(.*?);([0-9]+)\\s*.*";
+ private static final Pattern PATTERN = Pattern.compile(REGEX);
/**
* Constructor for a VMSFTPEntryParser object.
@@ -67,12 +66,6 @@ public class VMSVersioningFTPEntryParser extends VMSFTPEntryParser {
*/
public VMSVersioningFTPEntryParser(final FTPClientConfig config) {
configure(config);
- try {
- preparsePattern = Pattern.compile(PRE_PARSE_REGEX);
- } catch (final PatternSyntaxException pse) {
- throw new IllegalArgumentException("Unparseable regex supplied: " + PRE_PARSE_REGEX);
- }
-
}
@Override
@@ -95,7 +88,7 @@ public class VMSVersioningFTPEntryParser extends VMSFTPEntryParser {
while (iter.hasNext()) {
final String entry = iter.next().trim();
MatchResult result;
- final Matcher _preparse_matcher_ = preparsePattern.matcher(entry);
+ final Matcher _preparse_matcher_ = PATTERN.matcher(entry);
if (_preparse_matcher_.matches()) {
result = _preparse_matcher_.toMatchResult();
final String name = result.group(1);
@@ -117,7 +110,7 @@ public class VMSVersioningFTPEntryParser extends VMSFTPEntryParser {
while (iter.hasPrevious()) {
final String entry = iter.previous().trim();
MatchResult result = null;
- final Matcher _preparse_matcher_ = preparsePattern.matcher(entry);
+ final Matcher _preparse_matcher_ = PATTERN.matcher(entry);
if (_preparse_matcher_.matches()) {
result = _preparse_matcher_.toMatchResult();
final String name = result.group(1);